Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/59ea29-f288-468e-a33e-559e3d76c5b6/1/AUKx0J4WNHpEIs7yN_p5Gj-AKQc.roa
File:                     AUKx0J4WNHpEIs7yN_p5Gj-AKQc.roa (raw, json)
Hash identifier:          eENZl1wDIRgwnUAmEgxPXPDBi6xMrW0OqSMxiYMTiao=
Subject key identifier:   01:42:B1:D0:9E:16:34:7A:44:22:CE:F2:37:FA:79:1A:3F:80:29:07
Certificate issuer:       /CN=729ca63e6d2b504449217dc0788c9d37489b4c45
Certificate serial:       0199D8C428D969E3CB9EA55BA5E4D5BD2328
Authority key identifier: 72:9C:A6:3E:6D:2B:50:44:49:21:7D:C0:78:8C:9D:37:48:9B:4C:45
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/cpymPm0rUERJIX3AeIydN0ibTEU.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b5/59ea29-f288-468e-a33e-559e3d76c5b6/1/AUKx0J4WNHpEIs7yN_p5Gj-AKQc.roa
Signing time:             Sun 12 Oct 2025 14:12:38 +0000
ROA not before:           Sun 12 Oct 2025 14:12:38 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        212.108.98.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b5/59ea29-f288-468e-a33e-559e3d76c5b6/1/cpymPm0rUERJIX3AeIydN0ibTEU.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b5/59ea29-f288-468e-a33e-559e3d76c5b6/1/cpymPm0rUERJIX3AeIydN0ibTEU.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/cpymPm0rUERJIX3AeIydN0ibTEU.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 20 Oct 2025 11:18:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:99:d8:c4:28:d9:69:e3:cb:9e:a5:5b:a5:e4:d5:bd:23:28
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=729ca63e6d2b504449217dc0788c9d37489b4c45
        Validity
            Not Before: Oct 12 14:12:38 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=0142b1d09e16347a4422cef237fa791a3f802907
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:89:97:08:a1:e4:c7:28:38:08:a1:6f:be:6c:
                    87:f8:90:07:cd:ed:94:e4:67:a8:85:46:bd:36:29:
                    7a:0a:0d:3e:31:b0:33:65:7f:f0:c1:27:40:00:fc:
                    69:36:1a:67:07:9d:3b:e5:2d:79:5f:7e:b4:ac:ca:
                    5b:e5:8c:c0:d7:24:62:3c:19:05:2d:43:66:3d:e3:
                    8d:71:e6:fa:49:2c:55:f8:a5:14:0d:b5:e0:ec:5e:
                    6f:e4:ee:23:6d:c8:28:81:06:b6:8c:97:0b:fe:b5:
                    ce:00:34:11:33:cc:b7:4d:0e:27:50:e4:56:6f:39:
                    3a:a3:82:9e:20:b2:07:e0:06:d0:a7:e5:7f:a1:55:
                    2a:33:0a:c2:45:50:c5:9e:6d:8e:ac:cf:cc:0a:1c:
                    c5:f0:e0:c9:57:61:4e:c7:92:21:2c:7f:22:0f:bc:
                    a8:14:1d:db:76:14:3f:83:02:6f:cb:28:32:e0:6c:
                    ae:9b:86:56:3f:d4:92:32:b2:cd:36:27:b0:9f:b1:
                    fa:4d:da:81:44:2f:00:a5:c8:db:cc:60:28:5d:05:
                    8b:b8:90:bf:f5:11:01:89:1d:7f:65:36:01:9e:89:
                    ca:59:0f:f0:d9:4c:48:8f:86:e4:22:3b:69:dc:43:
                    ab:e9:fc:fc:31:32:2e:8e:84:ed:25:55:6a:39:bf:
                    8b:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:42:B1:D0:9E:16:34:7A:44:22:CE:F2:37:FA:79:1A:3F:80:29:07
            X509v3 Authority Key Identifier:
                keyid:72:9C:A6:3E:6D:2B:50:44:49:21:7D:C0:78:8C:9D:37:48:9B:4C:45

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/cpymPm0rUERJIX3AeIydN0ibTEU.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/59ea29-f288-468e-a33e-559e3d76c5b6/1/AUKx0J4WNHpEIs7yN_p5Gj-AKQc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/59ea29-f288-468e-a33e-559e3d76c5b6/1/cpymPm0rUERJIX3AeIydN0ibTEU.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  212.108.98.0/24

    Signature Algorithm: sha256WithRSAEncryption
         34:4b:2b:cf:59:f4:f6:2b:11:51:e6:7e:2c:81:ee:80:5e:ee:
         0a:9b:31:68:0f:c8:79:3b:45:f2:eb:8d:ce:d2:2a:45:a6:cb:
         72:5e:bf:27:7e:6a:dc:36:e4:3a:96:9d:1f:49:e5:12:2e:60:
         11:cb:4a:27:09:d2:44:78:23:e3:5d:32:00:d4:99:97:79:c4:
         92:ac:b7:6a:73:21:2d:e1:49:94:2f:97:cc:a5:68:e5:41:16:
         30:77:0f:bc:9f:41:f6:72:83:2c:9f:a5:7f:69:01:f2:21:9f:
         dc:f0:81:d0:86:15:d8:d0:04:23:df:d0:b8:74:aa:eb:8b:9d:
         f0:ce:6f:61:40:d4:84:b0:3e:dc:4a:07:31:64:13:44:e4:19:
         75:8f:ea:bf:3c:8d:37:d2:42:a8:6d:c0:b0:14:a5:d9:8e:6f:
         67:47:f5:a2:c9:9d:1f:fa:00:df:f2:e6:41:3a:a4:5f:ae:62:
         9e:a3:0d:d9:2e:d9:d3:e9:15:86:a0:3f:22:46:ab:ed:cf:f3:
         8f:06:52:ce:ca:97:56:64:5d:a1:00:d6:ab:5c:3d:8a:a0:31:
         9b:97:0c:ed:75:a7:d1:ea:2f:86:69:c9:87:e5:d3:79:b0:b9:
         94:6c:4f:6f:f5:e1:38:58:1f:0b:82:ce:3e:19:98:78:67:03:
         29:cd:a6:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAZnYxCjZaePLnqVbpeTVvSMoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDcyOWNhNjNlNmQyYjUwNDQ0OTIxN2RjMDc4OGM5ZDM3NDg5
YjRjNDUwHhcNMjUxMDEyMTQxMjM4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTQyYjFkMDllMTYzNDdhNDQyMmNlZjIzN2ZhNzkxYTNmODAyOTA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYmXCKHkxyg4CKFvvmyH+JAHze2U
5GeohUa9Nil6Cg0+MbAzZX/wwSdAAPxpNhpnB5075S15X360rMpb5YzA1yRiPBkF
LUNmPeONceb6SSxV+KUUDbXg7F5v5O4jbcgogQa2jJcL/rXOADQRM8y3TQ4nUORW
bzk6o4KeILIH4AbQp+V/oVUqMwrCRVDFnm2OrM/MChzF8ODJV2FOx5IhLH8iD7yo
FB3bdhQ/gwJvyygy4Gyum4ZWP9SSMrLNNiewn7H6TdqBRC8ApcjbzGAoXQWLuJC/
9REBiR1/ZTYBnonKWQ/w2UxIj4bkIjtp3EOr6fz8MTIujoTtJVVqOb+LmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAFCsdCeFjR6RCLO8jf6eRo/gCkHMB8GA1UdIwQY
MBaAFHKcpj5tK1BESSF9wHiMnTdIm0xFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvY3B5bVBtMHJVRVJKSVgzQWVJeWROMGliVEVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS81OWVhMjktZjI4OC00NjhlLWEzM2Ut
NTU5ZTNkNzZjNWI2LzEvQVVLeDBKNFdOSHBFSXM3eU5fcDVHai1BS1FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS81OWVhMjktZjI4OC00NjhlLWEzM2UtNTU5ZTNkNzZjNWI2
LzEvY3B5bVBtMHJVRVJKSVgzQWVJeWROMGliVEVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1GxiMA0G
CSqGSIb3DQEBCwUAA4IBAQA0SyvPWfT2KxFR5n4sge6AXu4KmzFoD8h5O0Xy643O
0ipFpstyXr8nfmrcNuQ6lp0fSeUSLmARy0onCdJEeCPjXTIA1JmXecSSrLdqcyEt
4UmUL5fMpWjlQRYwdw+8n0H2coMsn6V/aQHyIZ/c8IHQhhXY0AQj39C4dKrri53w
zm9hQNSEsD7cSgcxZBNE5Bl1j+q/PI030kKobcCwFKXZjm9nR/WiyZ0f+gDf8uZB
OqRfrmKeow3ZLtnT6RWGoD8iRqvtz/OPBlLOypdWZF2hANarXD2KoDGblwztdafR
6i+GacmH5dN5sLmUbE9v9eE4WB8Lgs4+GZh4ZwMpzaZs
-----END CERTIFICATE-----